Installing & Maintaining MetaRouter
Overview
In order to begin processing your customer data with MetaRouter, you must determine how you want to host and install your platform. MetaRouter provides optionality that ensures you are able to choose a hosting style that is right for your organization’s needs, whether that means allowing MetaRouter to host your data infrastructure, or allowing MetaRouter to install your data infrastructure on your own cloud environment.
How to Choose: MetaRouter-Hosted vs. Self-Hosted Platforms
There are certain considerations to keep in mind when choosing a MetaRouter-Hosted vs. Self-Hosted platform:
Security Review Requirements
Some organizations may not allow MetaRouter to host their data infrastructure on our cloud environment due to stringent security policies. In this scenario, the Self-Hosted platform will allow your organization to use MetaRouter as it will be hosted within your own cloud environment.
Cloud Environment Requirements
Some organizations mandate that a certain cloud provider is used. This is commonly due to past experience with or current usage of a certain environment, a desire to include infrastructure costs with a cloud that they’ve already committed spend towards, or conflicts of interest with specific cloud providers.
Resource Costs
Your organization will be directly responsible for the resource costs that are incurred by MetaRouter with self-hosted infrastructure. MetaRouter will provide you with rough estimates your resource costs based on your anticipated event volume and number of integrations required.
Cloud Complexity & Implementation Time
Organizations’ cloud environments can vary in their complexity. If your organization wants MetaRouter to install infrastructure within your cloud environment, you will want to ensure that you are able to easily give MetaRouter the proper access that is necessary to perform installation, monitoring and maintenance. If these permissions are difficult to locate and grant access for, hosting on your own cloud may add delays to your implementation and require additional implementation resources.
MetaRouter-Hosted Installations
MetaRouter-hosted installations require far less coordination between our team and yours. You should still make your IT team aware of MetaRouter-Hosted installations to ensure that there are no data or Infosec policy conflicts relating to your MetaRouter-Hosted installation. We will install your platform on Google Cloud Platform (GCP).
Self-Hosted Installation & Maintenance Lifecycle
You should understand the technical requirements and expectations that come with installing MetaRouter.
- Infrastructure Installation & Maintenance
- Platform (software) Installation & Maintenance
- Service, Support & Troubleshooting
- Access Requirements
MetaRouter will handle the vast majority of installation and maintenance of the platform. Even so, for self-hosted installations it is critical that you ensure that our team is granted appropriate access to your cloud environment to ensure a smooth installation and maintenance lifecycle. This oftentimes means that your IT team will need to be made aware of the MetaRouter installation and will be responsible for granting our team appropriate cloud environment access.
Infrastructure Installation & Maintenance
MetaRouter infrastructure installation covers the underlying cloud infrastructure that the MetaRouter platform requires for operation. We can install the platform on Google Cloud Platform, Amazon Web Services and Azure. Infrastructure installation will include the following resources and services:
- Network components such as subnets, routes, firewalls, and NAT gateways (structure and terminology varies by provider)
- Public-facing Kubernetes cluster (AKS, EKS, GKE) including underlying resources such as compute and block storage
- When hosting the platform on Azure, Kubernetes version upgrades may require a maintenance window and temporary outage. Maintenance windows will be communicated according to Service Level Agreements (SLAs).
- Load balancer (including static IP addresses)
- Cryptographic key management service (Azure Key Vault, AWS KMS, GCP key management)
- Object storage for configuration management (Azure blob, AWS S3, Google Cloud Storage)
- IAM resources such as users, groups, and service accounts to provide sufficient access by engineers and automation
Expectations
We have found it helpful to provide a list of expectations to be set during the installation process that divides responsibilities between our team and yours. By ensuring your organization understands and is prepared to cover your responsibilities, you will ensure that the MetaRouter install process is as seamless as possible.
Your responsibilities during installation:
- You will provide timely feedback on significant infrastructure change requests.
- You will provision a new logical infrastructure container in the cloud provider (e.g. AWS account, Azure subscription or resource group, GCP project) for MetaRouter platform resources and assign administrator/owner privileges to select MetaRouter team members.
- You will provide administrator/owner privileges for MetaRouter engineering team members through the duration of the contract.
- You will provide continuous access to the infrastructure by MetaRouter to facilitate installation and maintenance.
MetaRouter’s responsibilities during infrastructure installation & maintenance:
- MetaRouter will install and maintain cloud infrastructure.
- MetaRouter will perform any scheduled maintenance to ensure continuity of MetaRouter uptime and service.
- MetaRouter will, when necessary, perform emergency maintenance in order to provide support according to our SLA.
- If any change to infrastructure could incur significant additional costs to you, MetaRouter will provide you with an explanation and any relevant documentation.
Platform Installation & Maintenance
Platform installation and maintenance includes installing the MetaRouter software on the Kubernetes cluster and performing regular upgrades to add new features, improve existing functionality, fix bugs, and address vulnerabilities.
Customer's responsibilities during platform installation & maintenance:
- You will provide continuous Platform access to the MetaRouter team to facilitate installation and maintenance.
MetaRouter’s responsibilities during platform installation & maintenance:
- MetaRouter will perform the initial platform installation on the Kubernetes cluster.
- MetaRouter will use automation to perform regular platform upgrades on the Kubernetes cluster. The automation uses a service account with enough permission to manage upgrades. This is most easily done via a service account managed by MetaRouter, but if absolutely necessary, you may provide a service account with sufficient permission to manage upgrades instead. MetaRouter can provide logs of upgrades upon request. Please reach out to your MetaRouter Customer Success Manager to facilitate these requests.
- MetaRouter reserves the right to perform platform upgrades at any time for the purposes listed above and to support service guarantees.
Service, Support, and Troubleshooting
Service, support, and troubleshooting includes accessing all components of the service that handle customer data to facilitate infrastructure support, and platform support and troubleshooting.
Customer's responsibilities:
- You will provide continuous, unbroken access to the platform by MetaRouter’s team to facilitate support and troubleshooting.
- 24/7 access to a person or department responsible for the infrastructure necessary to deploy and operate our service.
- If you cannot grant MetaRouter the ability to manage IAM, you must provide a 24x7x365 contact who can add, remove, or rotate credentials within a one-hour response time.
MetaRouter’s responsibilities:
- MetaRouter will use a secure proxy service (Teleport) to control, monitor, and log access to the cluster. MetaRouter can provide the audit logs to you.
- MetaRouter will collect telemetric/health data to monitor service operation and trigger alerts.
- Using telemetric/health trends and alerts, MetaRouter will troubleshoot service issues in accordance with our service guarantees.
Access Requirements
IAM Permissions
MetaRouter strongly recommends granting our team the ability to manage IAM where possible. This results in the following benefits:
- The MetaRouter team will ensure smooth management of the credential lifecycle to meet our compliance requirements. Continuous monitoring and management of credentials is fundamental to our systematic approach to cybersecurity, data privacy, and overall efficiency.
- The MetaRouter team will add, remove, and adjust the permissions of principals as necessary to manage the platform. In particular, we can quickly remove principals who no longer work at MetaRouter to prevent security concerns.
- The MetaRouter team will involve fewer people and steps to implement platform changes and improvements.
You most notify MetaRouter of any changes to credentials at least three days prior to credential changes.
Additional Considerations
Can MetaRouter support IP access lists?
MetaRouter cannot support IP access lists that can act to restrict access to cloud provider APIs, cluster control plane APIs, platform control plane APIs, or platform ingress/egress traffic. Our reliance on cloud services means that we cannot publish or use consistent IP addresses.
Updated 8 months ago